Clubhouse denies alleged data breach, experts doubt claims of 3.8 billion leaked phone numbers

Days after social audio app Clubhouse opened up the app to the general public without invites, allegations emerged on Saturday that the service had suffered a data breach and contact information including 3.8 billion numbers (that were synced with the service) was being sold on the dark web. However, after examining the claims, security experts have now stated that the claims of a data breach seem highly unlikely. Meanwhile, Clubhouse has also issued a statement denying the occurrence of the alleged breach.

Earlier on Saturday, cybersecurity researcher Marc Reuf tweeted an image of a post on the dark web claiming that a ‘secret' database from the company was available for sale on the dark web. According to the screenshot, the list of phone numbers includes members phone numbers along with the other phone numbers that were synced with their contact list. It claims that the social audio service collects phone numbers from contact lists, which are synced to the company's servers. The uploader claims they will hold an auction for the data, but only in September.

Also read: Looking for a smartphone? Check Mobile Finder here.

Experts doubt the alleged data breach

Security researcher Rajshekhar Rajaharia tweeted that the claims seemed completely fake. “There are only mobile numbers without name(s), photos. This list of phone numbers can be generated very easily. PII (Personally identifiable information) not available. This seller has a bad past. Attracting buyers by showing lakhs telegram followers. Seems Fake,” he tweeted. Meanwhile, another security expert Alon Gal also pointed out that the claim of the data breach was dubious. “It is just a list of phone numbers, without any additional information, they could have arrived from anywhere,” Gal tweeted.

Clubhouse issues a statement

Clubhouse denied the alleged data breach earlier today. "There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers. In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse's API returns no user identifiable information. Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices," a Clubhouse representative told HT Tech.

Should users worry?

Going by what experts have stated so far, it appears that users do not have much to worry about the alleged data breach at this point. At the time of publishing this story, there has been no update from Firefox Monitor or Have I Been Pwned online, which indicates that no actual data about the breach has been retrieved so far. However, if users are still worried about the security of their data, they can disable contact syncing on whatever platforms they are using to protect their information in the future.